Agenda - Distributed Meeting 2010-09-07 (v2) from Frederick.Hirsch@nokia.com on 2010-09-07 (public-xmlsec@w3.org from September 2010)

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 7 Sep 2010 15:03:58 +0200
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <6F770C04-A427-440C-ABBF-5C74F86DD88B@nokia.com>
Agenda v2: W3C XML Security WG Distributed Meeting #80, 7  September  2010  Distributed Meeting

v2, added streaming proposal, best practices proposal,  updates on C14N2 conformance, namespace injection in Sig 2.0, roadmap update, scribe needed.

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review, Meeting  Planning, Liaisons, Announcements

1a) updated roadmap, please review http://lists.w3.org/Archives/Member/member-xmlsec/2010Sep/0004.html (Frederick)

1b) TPAC registration and planning

Please complete WG questionnaire: http://www.w3.org/2002/09/wbs/42458/tpac2010xmlsec/

If attending remember to complete TPAC registration (separate from WG questionnaire)

http://www.w3.org/2002/09/wbs/35125/TPAC2010reg/

Have requested polycom and flip chart, http://www.w3.org/2002/09/wbs/34786/TPAC10_av/results#xAV-resp

ACTION-652, tlr to  request conference bridge

1c) updated roadmap

http://lists.w3.org/Archives/Member/member-xmlsec/2010Sep/0004.html (Frederick)

2) Minutes Approval

Approve 31 August 2010 minutes

http://www.w3.org/2010/08/31-xmlsec-minutes.html

Proposed RESOLUTION: Minutes from 31 August 2010 approved.

3) Publications

Updated WDs  of "XML Signature 2.0", "Canonical XML 2.0", "XML Security RELAX NG Schemas", "XML Signature Best Practices" published. FPWD of "XML Signature Streaming Profile of XPath 1.0" published. Updated WG publication status and WG home pages.

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0000.html (Frederick)

4) Canonical XML 2.0

4a) Canonical XML 2.0 Conformance Profiles, ACTION-625

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0001.html (Meiko)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0011.html (Pratik)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0012.html (Scott)

5) XML Signature 2.0

5a) Namespace Injection, ACTION-538

Decision regarding choices, #3 or #4?

http://lists.w3.org/Archives/Public/public-xmlsec/2010May/0027.html

thread:

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0002.html (Meiko)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0005.html (Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0009.html (Meiko)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0010.html (Scott)

5b) Schema and serial number

http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0086.html (Pratik)

ACTION-649 open	Check in with Michael Sperberg-McQueen about decimal and bignums	Thomas Roessler	2010-09-07	

ACTION-650	open	propose choices for X509SerialNumber fix	Thomas Roessler	2010-09-09	

ACTION-651 open	Summarize errata process and RESOLUTION A versus C	Thomas Roessler

ISSUE-43	OPEN	Improvements to XML Signature schema

5c) Additional Signature 2.0 actions and issues

ACTION-638	open	Make proposal for ISSUE-210, see also http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0043.html (uncomplicate section)	Scott Cantor

ISSUE-160	OPEN	Define URI for Canonical XML 2.0, add section to Signature 2.0 defining Canonical XML 2.0

ACTION-648	open	Flesh out 6.8, shuffle order of sections, define URI for C14N2, see ISSUE-160	Pratik Datta

ACTION-647	open	Implement Cantor's proposed text to identify all attributes	Pratik Datta

ACTION-653 open Review status of ISSUE-183   Frederick Hirsch
ISSUE-183	OPEN	Constrain 2.0 SignedInfo canonicalization choice for 2.0 model?

6) XML Signature Streaming Profile of XPath 1.0

6a) proposed text

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0013.html (Meiko)

http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0015.html (Scott)

6b) actions

ACTION-548	open	Ed to review XPath Profile	Ed Simon

ACTION-644	open	Propose text for Streaming XPath Profile to note that 1-pass not always possible, giving examples where 1-pass is not possible	Meiko Jensen

7) Best Practices

7a) proposal, http://lists.w3.org/Archives/Public/public-xmlsec/2010Sep/0014.html (Meiko)

7b) actions

ACTION-604	open	Propose change for best practices for ISSUE-170	Hal Lockhart

ACTION-643	open	Propose text for best practices re ISSUE-212, attack noted in http://lists.w3.org/Archives/Public/public-xmlsec/2010Aug/0020.html	Meiko Jensen

8) XML Encryption

ACTION-280	open	Produce test cases for derived keys	Magnus Nyström

ISSUE-132	OPEN	Keep 2.0 xenc transform feature in sync with signature 2.0

9) Interop and F2F planning

What is our plan?

10)  Additional action and Issue Review

10a) Open Action Review

Open actions are listed in Tracker at <http://www.w3.org/2008/xmlsec/track/actions/open

Procedure for closing actions: <http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions

Please review open action list and update your actions appropriately:

<http://www.w3.org/2008/xmlsec/actions-open.html>

10b) Close Pending actions

These will be closed after the meeting unless concern raised before  or  during meeting. Please review in advance of meeting.

ACTION-538: Meiko Jensen to Provide proposal related to namespace wrapping attacks once XPath profile available

ACTION-620: Cynthia Martin to Review C14N2 references, ISSUE-200

ACTION-625: Meiko Jensen to Review c14n2 parameters with regards to conformance and optionality

10c)  Issue Review

<http://www.w3.org/2008/xmlsec/track/issues/open>

11) Other Business

12) Adjourn

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Scribing  list
----------------
Bradley Hill, Invited Expert (14 July 2009)
Shivaram Mysore, Invited Expert (6 November 2009 F2F, 23 June 2009)
John Wray, IBM (15 Dec 2009, 1 Sept 2009)
Sean Mullan, Oracle (12 January 2010, 6 October 2009)
Chris Solc, Adobe (26 January 2010, 8 December 2009)
Aldrin d'Souza, EMC (9 Feb 2010)
Karel Wouters IBBT, (9 March 2010)
Bruce Rich, IBM (30 March 2010)
Magnus Nyström, Microsoft (27 April, 2010, 2 June, 2009)
Meiko Jensen (11 May, 2010)
Brian LaMacchia, Microsoft (25 May 2010, 6 November 2009 F2F)
Ed Simon, Invited Expert (15 June 2010, 25 January 2010)
Cynthia Martin, MITRE (6 July 2010, 2 March 2010)
Pratik Datta, Oracle (27 July 2010, 20 October 2009)
Gerald Edgar, Boeing (10 August 2010, 22 June 2010, 13 April 2010)
Hal Lockhart, Oracle (17 August 2010, 2 February 2010, 27 October 2009)
Thomas Roessler (31 August 2010, 4 May, 2010, 20 April 2010)
Scott Cantor, invited expert (31 August 2010, 1 June 2010, 24 Nov 2009)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is  
restricted  to registered WG participants and persons invited by the  
chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---
Received on Tuesday, 7 September 2010 13:05:14 UTC